Framebreaking without JavaScript?

Re: Framebreaking without JavaScript?

WebFoot wrote:If you know the ip address, you can use .htaccess (assuming you're using
Apache, of course).

More info in alt.apache.conf iguration.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: Framebreaking without JavaScript?



Jerry Stuckle <jstucklex@attg lobal.netsez:Which part of
are you having trouble understanding?

~WebFoot

Re: Framebreaking without JavaScript?

WebFoot wrote:Which part of my answer are you having trouble understanding?

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: Framebreaking without JavaScript?



Jerry Stuckle <jstucklex@attg lobal.netsez:You are the one who seems to have comprehension
issues, not me.

I asked a question that specified "a solution that
handles all framing sites, not just the ones I know
about" (which means I *DON'T* know the ip address) and
your alleged answer started with "if you know the ip
address" (which means I *DO* know the ip address).
You ignored the question asked and gave an answer to an
entirely different question that I already said that
I have the answer to.

So, do you have an answer to the actual question asked?


GOAL:
Break out of a hostile frame.

IDEAL SOLUTION:
My page loads unframed.

OK SOLUTION:
Framing site displays blank page
or 404 error inside the frame

NOT LOOKING FOR:
JavaScript solution -- some visitors
don't have JavaScript enabled

NOT LOOKING FOR:
Link with target="_top" solution -- it does not
work unless someone clicks on that link.

NOT LOOKING FOR:
Meta refresh with target="_top" solution -- the
refreshing screws up the back button for the user,
and search engines don't like it.

NOT LOOKING FOR:
A way to ban specific sites that frame my page. I want
to stop all sites from doing it rather than constantly
checking logs and adding new bans.

NOT LOOKING FOR:
Any "answers" that totally ignore what I wrote above.

~WebFoot

Re: Framebreaking without JavaScript?

On 02 Aug 2008, WebFoot <webfoot@.wrote :
There is "somewhat" of a solution using the php $_SERVER['HTTP_REFERER']
superglobal. While, as the manual states, some browsers ignore or manipulate
this, it is nevertheless statistically effective and certainly applicable to
the situation you describe. My workup doesn't satisfy your "ideal" solution
but I think it complies with your "ok" solution just fine. Using php
sessions may allow the goal to be even better satisfied, but I think sessions
have their own drawbacks.

The code should be obvious, but if it isn't, I will post my own flavor upon
request.

--
Neredbojias

Great sights and sounds

Re: Framebreaking without JavaScript?

On Aug 1, 8:00 pm, WebFoot <webfoot@.wrote :Why do you care? And what the hell is a hostile website?

--
Travis
Flash Crap: http://travisnewbury.blogspot.com

Re: Framebreaking without JavaScript?

>>OK SOLUTION:Proportionately very, very few.
And a javascript solution will soon show the thief the stupidity of their
ways.

Of course, a no-technical solution - like contacting their host - will be
100% effective - with a bit of luck, the whole site will disappear.
--

Andrew
seo2seo.com
sick-site-syndrome.com

UK Residents:
STOP THE "10p Tax Ripoff"
Sign the petition to stop the government stealing from the
very poorest tell your friends about this petition:

Re: Framebreaking without JavaScript?

Travis Newbury wrote:He's talking abut another site putting your site into a frame on their
site to make it appear as though your content is their content.

Do you remember when about.com was the mining company? That is what he
is talking about.

The JavaScript solution is the best solution that I am aware of. Not
everybody has JavaScript enabled, but most do.

Re: Framebreaking without JavaScript?

Sun, 3 Aug 2008 19:57:54 +0100 from Andrew Heenan <fire@will.com> :Not only do you not know how to quote correctly, but you don't
understand percentages very well. 5% or more[1] can hardly be
described as "very, very few".

[1] http://www.w3schools.com/browsers/browsers_stats.asp
Again, you seem to have trouble with percentages. "100% effective"
means a certainty, but it is by no means certain that a site will be
taken down on request.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA

HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2.1 spec: http://www.w3.org/TR/CSS21/
validator: http://jigsaw.w3.org/css-validator/
Why We Won't Help You:

Re: Framebreaking without JavaScript?




WebFoot wrote:
I slapped together a test page for the various ways that
I found doing a web search (I will add the php method I
just read about in another post in the next few days).
None meet all of your requirements. Some of them suck
in various other ways.

Test page: http://www.guymacon.net/f0n.html

Being an engineer, I will now do what engineers do;
question the requirements. When you write "NOT
LOOKING FOR: A way to ban specific sites that frame
my page. I want to stop all sites from doing it
rather than constantly checking logs and adding new
bans." you are making the assumption that you have
to do the checking and adding. Not so. A computer
program could do it for you.

There already exists a program that watches the
incoming requests and looks for web spiders that
ignore robots.txt and denies them access, all without
any human intervention. I am pretty sure that
something like that could be done with framing sites.



--
Guy Macon
<http://www.GuyMacon.co m/>

Re: Framebreaking without JavaScript?


"Guy Macon" <http://www.GuyMacon.co m/wrote in message
news:Y9idnZO1Z6 63BAvVRVn_vwA@g iganews.com...There is?

Re: Framebreaking without JavaScript?

"Stan Brown" <the_stan_brown @fastmail.fmwro teAnd you have trouble reading.
I didn't say that contacting a host would be a 100% effective, I said a
non-technical solution will be 100% effective.

Horses for courses; that may mean getting the host to act, it may mean going
to court ... but whereas technical solutions may be either flawed from the
start, or can be evaded at leisure, dealing with the problem non-technically
can solve it.

And you reckon 5% of folk disable js? Evidence?
--

Andrew
seo2seo.com
sick-site-syndrome.com

UK Residents:
STOP THE "10p Tax Ripoff"
Sign the petition to stop the government stealing from the
very poorest tell your friends about this petition:

Re: Framebreaking without JavaScript?

On Aug 3, 8:07 pm, Scott Bryce <sbr...@scottbr yce.comwrote:I understood that. My point is that people have an over valued
opinion of the importance or uniqueness of their content. Look at how
many questions "how do I stop someone from stealing my image/code/
content/etc." show up here all the time. If your content is that
important or unique, add a byline or link to the page. The "hostile
site" will be advertising for you.
Better yet, if your javascript detects someone fraiming your page
redirect them to a page that explaines what the hostile site just
tried to do. Something of the effect

"The website you were at attempted to plagiarize information authored
by "yourwevbsite.c om" Please click this link to take you to the
content's true author's website...."

THAT is a solution that will cost the hostile site users and they will
quickly stop.

--
Travis
Flash Crap: http://travisnewbury.blogspot.com

Re: Framebreaking without JavaScript?

Travis Newbury wrote:I wouldn't do that. I have had to deal with the same issue. I simply
used JavaScript to break out of the frame. That changes the "hostile"
site to a site that is providing a link to yours. And the user doesn't
have to get caught in the crossfire.

The user doesn't need to know about the other site framing your site.
Just take your content back from the other site, and leave it at that. A
savvy user will figure out what is going on when he sees your site
redraw outside of the frame.

Just break out of the frame and leave it at that. Otherwise you are
punishing the user unnecessarily.